Slashdot Mirror
Properly Contributing to Open Source While on Company Time?
egeorge asks: "I was wondering what kind of paperwork/policies developers have at their jobs concerning contribution to open source projects. I develop software at a company that derives almost its entire revenue from software. Some software is licensed to customers, some is run internally in a service model, but the software is our whole business. We have recently been doing more and more modification and customization of open source products, and we would love to give some of this back. As developers, though, some of us are a little hesitant to just start flinging code that technically still belongs to the company out into the world. We want to make sure we get clarification about what is or is not covered by our NDAs.
So, what kind of procedures do other developers have to go through to get adequate coverage for Open Source submissions? I would like to suggest a policy to my superiors, and could use a few good suggestions."
I'm a consultant, paid for my time and the IP I develop. I would not dare to risk cross-contamination by doing anything more than downloading and using open-source packages at the office.
It was a joke! When you give me that look it was a joke.
As I understand it, as far as the copyright law goes, if you create it at work on your companies' computer, the copyright belongs to them.
keep in mind the GPL allows for internal use of modified software without releasing the source code.
autopr0n is like, down and stuff.
We have recently been doing more and more modification and customization of open source products, and we would love to give some of this back
What does he mean by "love"? Does he have a choice?
The first question that needs clarification in my mind is - Is your company distributing open-source code that they have modified?
If that is the case - then if it is GPL'd code, you need to release it according to the license. If it is a BSDish license that isn't the case.
Probably the best piece of advice - get your company to emit a policy on the subject. You may not like the results, but at least it will be a definitive answer.
Have you compiled your kernel today??
I think Justin Frankel would tell you that you can't ever be sure that you have any creative control over what you are doing on company time.
The only ways to remain certain that you have complete control are to either work on your own or with a small group in a small company and then leave as soon as they get bought out by the big guys.
lysergically yours
Remember that open-source is not necessarily free-as-in-beer. Your company can charge for the source code and the binaries if it wants, it just needs to use an open-source license (insert heavily-compressed flamewar here).
Also you can make quite clear that you will only support YOUR version of the product and that if they choose to modify the source they're on their own.
If you're just talking about donating code snippets, well, then you need someone with more experience in that than I.
Zaphod B
When duplication is outlawed, only outlaws will have
Please read the following before committing your IP and company to Open Source:
Open Source Doesn't Make Economic Sense For Most
The open source organization has presented a few cases that supposedly explain why OS works economically. However, if you examine the cases objectively you will find that the cases are flimsy and non-specific and do not address any specific concerns. They attempt to bolster their case by pointing out a few "successes", among which Caldera and Red Hat are displayed as shining examples.
The real economic question of the OS model is how is money made, and who is making the money. Who is being rewarded financially for the enormous development effort? The open source initiative claims that there are at least four different models that allow someone to reap rewards. Oddly, it is not mentioned that it is not necessarily the people who did the development work that gain financially.
The four primary business cases mentioned by OS proponents are "Selling Support", "Loss Leader", "Widget Frosting" and "Accessorizing."
The first case proposes that money can be made via selling support for the free software product. This is by far the strongest case and is proven to work, for a few small companies. The two companies that are shown as positive examples of this business model are Red Hat and Caldera, who distribute and support the Linux operating system. What is never mentioned is that neither of these two companies has contributed significantly in relative terms to the Linux development process. Its important to note that using this business model, the people that make the money are usually not the ones who have invested in the development process. So much for the strongest case.
The second case is based on the idea that you give away a product as open source so you can make money selling a closed source program. This also can work, but it should be noted that the money is being made off the closed source product and not off of the open source. An example of this model would be Netscape, who gives away the source code of their client browser so the OS community can do development, but keeps their "cash cow" products completely closed. Obviously, this case may only work if you have a software product that lends itself to this sort of "give away the razor and make money on the blades" system. The truth is that the vast majority of software is monolithic. So much for the loss leader case.
The third case, "Widget Frosting", sounds completely practical. The premise that hardware makers produce open source software so that the OS development community will work for free to produce better drivers and interface tools for their hardware products. It sounds great on the surface, especially for the company that produces the hardware: they get free drivers and do not have to pay for expensive developers. The OS community wins by getting presumably stable drivers and tools. What is not mentioned is the reason hardware makers usually don?t do this is because they do not want to reveal trade secrets regarding their hardware design. Production of efficient drivers requires an intimate knowledge of the hardware the driver is for. It is almost always the case that it is in the hardware developers? best interest to keep their hardware secrets close to home. This also brings up the question of why isn?t hardware "open"? So much for the frosting case.
The final case, "Accessorizing", is similar to the first, but throws in the idea of selling books and complete systems with the open source software, and other accessories as well. It is obvious that selling books qualifies as support, and that it really belongs in the first case. The idea of selling computer systems, T-Shirts, dolls, again begs the question: "Who is making the money?" As with the first case, it is not necessarily the people who have done the development work. Additionally, the question of how much money can be made selling books, t-shirts, mugs, etc, is never answered. O?Reilly Associates is frequent
Well, sometimes I will be working with a OSS software package and I see a way to make a little change to make it better, or fix a bug. Why should any employer/client worry about that?
Thats what I did when I was at SCO, anyway!
That's why he's asking about paperwork and policies. If they sign a contract saying they don't own certain kinds of code, then that can supersede the "work for hire" copyright issue.
Patrick Doyle
I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....
TIA
If we don't fight for ourselves no one will.
This is how I understand it. There are some issues concerning which libraries you have to use, etc. to maintain fundamental ownership of your code (beyond perhaps a copyright acknowledgement), etc.
I too, need to go re-read the liscense docs (GPL, GNU, BSD, etc.)
...How to run an ebay business selling your company's items
I'm unsure of whether you are suggesting contributing whole products or simply useful widgets. Obviously if your company makes and sells software then contributing entire tools would ultimately cost your company money.
OTOH, If you are suggesting contributing or modifying useful widgets(sort routine, object loader, file input output routines) then the terms of your contract have bearing. Many employers claim ownership of everything you think while on company time. Obviously the company doesn't want to get trapped into giving away items that cost it money. IOW, you asked a very vague question.
Most companies are still very wary of a support only model and will need to have it sold effectively. So be prepared to sell the advantages of selling support to selling "solutions".
Food not Bombs is a nice platitude but it breaks down when you notice that the Bombees are usually well fed
Not always. As an employee of the US Government, my work is not eligible for copyright protection in accordance with 17 USC 105.
Thus, the programs I've written and been allowed to distribute are available as public domain. You can check out my programs for computer forensics and system administration, foremost, and md5deep, on Sourceforge.
Ultimately, anything you've done on company time is owned by the company, and you have no rights to it whatsoever, NDA or no. Your contract may grant or revoke various rights, of course, where not prohibited by law. But I would definitely go in assuming that all that code belongs to the company and you have no right to distribute it without formal written permission.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
gets asked a lot around here. And the answer is always the same: Talk to your legal department. There isn't anything else you can do.
When we're modifying open source programs for use in our environment, we try to come up with two different types of patches; patches that enhance the package wether they be with new features or bug fixes, and patches that are only there to support local conventions and tools. We rarely submit the local patches back to the development team of the package, but if we feel that the enhancement types of patches will help out the project, we'll submit them back.
Donald Roeber
Generating 2048 Bits of Randomness...
Because it isn't your job.
If there is a bug in the software you submit it to the author and work around it [or find another package].
The only two exceptions are
a. The bug is a single line typo of sorts that would only take a split second to fix
b. The software is mission critical and you'd go belly up without it.
Tom
Someday, I'll have a real sig.
Because you are doing it on their time, not your own.
the company i work for has a term of employment agreement that i had to sign upon hire. it specifies that the employee is forbidden (except by written arrangement) from participating in activities that conflict or compete with the company's business. Example would be contributing to open source software that competes with your company's product.
these kinds of agreements is probably common practice.
if in doubt, you can ask for permission. if you aren't granted permission, then you have a decision to make.
"I would like to suggest a policy to my superiors, and could use a few good suggestions."
You do this: YOU DON'T!
You're sitting in your cube hammering out some code for whatever company project you're working on and suddenly you realize that the code you just slapped together would be perfect to help [insert OS app here].
What do you do?
Do you take the (now) IP of a company project and give it to GNU and do it over the company wire? Do you do the (technically) "Right Thing" and not contribute that code at all? Do you mix the two and think of another way way to code the exact some thought, just in a different way (on the company's bill)?
I can't answer that. This is now a moral decision. Not an economic or even IP one. It is *YOU* that has to decide if any of the above (or ones I've missed) are "right" or not.
[/SOAPBOX Src="two_cents"]
I'm not a prophet or a stone-age man,
I'm just a mortal with potential of a super man.
According to title 17, an employer owns the copyright to "a work prepared by an employee within the scope of his or her employment." I don't know the case law myself, but I wouldn't expect this to be measured by whether you're using the company's computer, any more than I'd expect they would hold copyright to all phone conversations made on company phones.
Clearly that is your right - but I would venture that you are losing (or at least lowering) one of the essential values of Open Source: the ability to lower support, development and maintenance costs by having them amortized amongst the various businesses that to whom you might consult.
Moreover, I have yet to see a reputation tarnished by having contributions accepted to high calibre projects in a peer-reviewed manner.
When you mention cross-contamination, do you mean that you fear that you might put a client's IP into software which you subsequently release? Surely your client would have the right to refuse publication rights for the code (since the IP wasn't yours to give away)? Speaking flippantly, is it that you figure Open Source stuff would get you found out more quickly than a release of closed source kit? :-)
--Ng
Do Not develop open source software at work. Do not open your mouth and keep your ideas to yourself. If you get found out, most companies would steal "your" ideas. If you had a brain, you would have read and kept copies of anything you signed when going to work for your pesent company.
See a lawyer. Spend the money on the free consultation! Mingey Manga.
The work I do is mostly funded by NASA, under scientific grants. Every grant proposal I submit contains the words "All software and intermediate data products will be freely released to the general public" (or minor variations on that sentence). That way I'm actually required to release stuff, and the most restrictive license I can put on it is something like GPL (public domain would also work, of course). Haven't had any problems with management over it.
This makes sense when you think about it from their risk-averse perspective: releasing even small pieces of otherwise-useless specialized code is all downside and no upside.
On the plus side you might might improve goodwill with a small number of open source developers. But on the minus side you might be exposing the company to liability, accidentally revealing sensitive information, or inadvertantly helping your competitors. Plus, management always has to worry about shareholders second-guessing them -- possibly resulting in a shareholder lawsuit -- if the IP you give away is later perceived to have been very valuable.
Given all this, a dangerous but more pragmatic idea might be to just go ahead and contribute at least the small stuff like your patches and bugfixes. As long as you have no official policy forbidding this you can point out that it's just the standard way things are done when working with open source tools.
Let me be clear that I am not actually advising anyone to do this. More just.. thinking aloud.
Comment removed based on user account deletion
Considering it's a software company, hire a lawyer. Developers alone should not be making these decisions where a company's fate is at stake. Hire a law firm who specializes in software and/or copyright, go over everything with them, and then make up policy. It's not smart to not consult a lawyer in this case.
Developers: We can use your help.
I'd never do something so dishonest as to develop OSS on company time. I just look at pr0n and DL some music on Kazaa ;-)
"Much work is lost, for the lack of a little more." -Edward H. Harriman
Empirical evidence suggests that, if a safe way to release work-produced code exists at all, it's to get an ironclad release statement written in blood and signed by the CEO and the company's legal department.
In short, I wouldn't try it. Convince management to do it, and make sure there's a paper trail.
Lucky bastard....Her Majesty the Queen of England of all people holds the copyrights on MY code. :)
Bill F*?$*^& Gates isn't a great programmer. He's an evil business genius who knows how to take other peoples work, re-package it, and sell it to the unsuspecting masses.
I don't know whether to hate him or respect him for it...
AAAHhhhh the pain!!! Must Hate! Must!
I'm posting AC for my own safety. I made changes to an open source package for my employer. Since the changes were for an internal package (we didn't release binaries to the public) I was told by my boss that submitting the changes to the package maintainer would be a violation of my NDA. I discovered after I left the company that my changes were eventually submitted to the package maintainer, and that my boss had taken credit for them.
The moral of the story: get the company policies in writing before you start making changes to an open source package.
but the moderators missed the humor. (The joke relates to the whole SCO / Linux IP lawsuit thing. You see...nevermind.)
They had me sign a contract that anything I developed while working there, no matter if it was related to the job or not, because their IP. If you signed a similar contract, then they technically own anything you code. You'll definately need their permission in order to release anything.
J
Just grow some balls, or you're gonna see some
new government agency that pre-empts any future
discussion of these issues.
If you are a good coder your bosses will bite
their lips and back off. And if they don't, well,
they don't deserve to be bosses, right?
I went through this 5 years ago and I walked out
when they beefed... right into a new job at nearly
three times the pay, and with an up front
agreement that if I met expectations I could fling
code to the masses.
Works out fine.
Stop acting like a victim, you're a coder.
the ability to lower support, development and maintenance costs by having them amortized amongst the various businesses that to whom you might consult.
No, you would not amortizing them. Look up accounting definitions before blindly posting. You would be passing on all support costs to the one employer who you are billing in the time it takes you to fix the shoddy OSS code.
but if what your doing is only helping you to perform your job better, what's wrong with that?
Of course, defining the Right Thing will in the end be up to your managers, but influencing their opinion is important.
First off, do they realize what value they are already getting from open source, or was that snuck in the door? The former would make life easier (for everyone, since more PHBs will realize the value of OSS).
One thing you don't want to do is to sneak behind your boss' backs and contribute what is unarguably company IP back to OSS without their permission. This can cause headaches down the road that could have been avoided.
Setting criteria for contributing back to OSS that you are enhancing is much easier than releasing OSS in the first place (IMO), and, yes, I have worked for enlightened companies that blended both well. It all depends on what your company does (industry focus) and where it values its IP. Generally though, if you have just enhanced OSS, returning those enhancements should be a no-brainer (and required by some OSS licenses). Again, that is really a no-brainer only if management knew you were using OSS in the first place.
For major enhancements, try to value it from your company perspective. If you were (eg) a video codec software company and had just made changes to a BSD video codec that gets 10x compression improvement with no quality loss, is it really worth your while to release that back immediately? I know some will argue that all software must be free, but how many of them are gainfully employed based solely on the free software that they develop (read: I don't think the model for just selling support sustains itself). IOW this isn't intended to start religious wars, just to make you think about what IP really has value to your company, and what you should be more readily willing to share.
Completely new software that you might want to release under and OSS license is similar to the above. First off, if you company isn't OSS aware, make them. Then discuss what things you don't want to release for core IP reasons, and what is good to release.
Remember that just releasing code doesn't raise the jollies of most corporate types. It usually has to have a purpose, and company brand awareness is a large part of that. Making or enhancing OSS software can be very good guerilla marketing for a company. It's perhaps not the same as dot.bomb hype levels, but it still has value for brand awareness, recruiting, etc.
Vicarious liability, for one reason. Your employer (in most jurisdictions) is at least partly responsible for your actions whilst you are in their employ, and on their time. It hardly seems fair for them to be expected to assume liability without having the capacity to mitigate it, does it?
And all the disclaimers in the world won't help you if a case can be made for malicious code being deliberately released - your company would still be accountable.
--Ng
Working on open source projects requires tracking for several reasons: people forget what is open source, people forget that they (may) need to distribute changes or source code if they distribute the open source software, and they need to be clear what is a company asset and what is not.
The usual tool for this is to have a form and to designate one engineer and one lawyer to approve and track open source software that is modified. You should recommend creating a form with the usual questions and a naming scheme to designate directories as containing open source software.
What is name of this software?
Is this software's source code expected to modified or used elsewhere? [Most usage is just usage]
Is this software or any software derived from it expected to be distributed outside the company? Explain.
What is the license for this software? Does it require source distribution? When does it require changes to be distributed? Explain.
Do you forsee doing anything remotely tricky in the interpretation of the license so that we can use it? Explain.
Do you forsee incorporating any existing code from our company or code that would be useful in other projects? Explain.
And yes, require explicit approval from a manager before working on opensource on company time. This is all just common sense.
Then it is job related and there should be no problem with it unless the company has policies against using OSS.
That was not how the statement I replied to read though...
It's part of my personality naturally, and when navigating the American legal system, it's an asset.
Essentially the facts are as follows: I code for fun, and I code for money. When I'm coding for money, there are expectations, and those expectations include copyrighting the code. When I code for fun, Eclipse generates GPL templates automagically for every source module I create.
More than one fellow has tried to engage me in business ventures during work hours, but I'm always careful to defer all such discussions to a time and place where I can truly consider myself free.
No entanglements, low risk.
It was a joke! When you give me that look it was a joke.
We want to make sure we get clarification about what is or is not covered by our NDAs
IANAL but here goes...
This one is kind of obvious to me, but an NDA is an Agreement between two or more companies that basically says 'I'll show you mine if you show me yours' and legally binds each party not to tell anyone else about it. I try to avoid these because I'm always paranoid that the other company will tell me something I'm already working on and later try to stake a claim on what's mine.
Simple answer to your question: Before you send ANY code into the public domain get your boss to sign off on EXACTLY what you are releasing. Otherwise, even if you get the OK you could be in hot water later if your boss backs out on you.
All your base are belong to us!
I would have thought the best approach is to suggest that you submit the patches so that you won't have to go through the pain of merging your changes in every time you want to get a new version of the software. If you phrase it as something that will help your productivity, I'd have thought they'd be much more likely to agree.
Gates has already done that.
If you and/or your company are using OpenSource/GPL software in a beneficial way and you make improvements to the GPL code it would be in your/your companys interest to release your improvements to the community. After all, if you grazed your cattle on the commons would you sell the fertilizer back to the community that gave you free grazing priviliges or would you leave it on the commons to fertilize the grass so other cattle have grass to graze? Gates would collect it as "IP" and cash in, but are you that kind of person? Is your company that kind of company? (Selfish and Greedy)
In other words, if everyone took and took and took, but no one returned, GPL software would be less significant than it is today. So, leave your 'propriatary IP' attitude behind or stop using GPL software. If you want to sell your "IP" don't use GPL code in it.
Freely you recieved, freely give.
It's not that I am charging for my IP. It's that the terms of my contractual agreement dictate ownership of work I create during my paid business hours.
I personally do not have a moral or ethical quandary with opening up my development process, busting a hole in the firewall to allow CVS or at least SSH access, and making wholesale changes to open source projects on company time. I just don't want to be the subject of a 'Your Rights Online' story here.
It was a joke! When you give me that look it was a joke.
Unfortunately, part of M$'s rants about open source software is true. Unless a company is willing to contribute, using GPL type of licenced source is a parasite. The LGPL provides a happy medium. And contrary to GNU's belief (http://www.gnu.org/licenses/why-not-lgpl.html), it does provide a way for companies to get their toes wet in the Open Source world.
I am living proof of the Peter Principle
We've released all the HTML on our web site for the Open Source developer community. They can now leverage off our mouseover effects.
OSS kicks ass!
Call this a self-serving statement by one of those fscking IP lawyers, but your company should consult with a lawyer who knows software licensing, knows source code issues, and can advise your company properly.
Laws affecting technology will always be bad until enough techies become lawyers.
I suppose he could have put it a little more politely, but really, do people need to ask if it's OK to work on personal projects while on company time?
There's a Mercedes gap too. I want one and can't afford one, but it's not government's job to do anything about it.
You could rewrite the stuff a second time on your own time and then submit it in your private capacity. It usually turns out better the second time around anyway.
Of course this leads to the old developers' dilemma of when does company time stop and private time start because developers are notorious for coding stuff that ends up getting used by their company in their own time because it's fun.
Seriously though, let your bosses decide. It's their code and they might surprise you and feel some sort of gratitude towards the OS community for the resources that it's gained from there. It sounds like your company makes quite a bit of use of OS software and in a moment of weakness the powers that be might just be soft hearted enough to give something back to a movement that has advanced their business. It will be their call though.
Do you work for Microsoft?
I work for a web hosting company (www.hagenhosting.com) and we use basically all open source software to manage our systems. We recently started using an open source web mail client that works very well with our mail setup and in the process have made many changes to it (though I am still not done with all my changes). Once I get all the changes done and am happy with the quality of the code I changed I will be returning the code back to the original author. This is the first time that we have modified open source software that we use, but my boss was all about giving the changes back.
Unstable Apps: Our Android Apps Don't Suck
Can't you just use a psuedonym? I mentioned this in another post.
If the patch or software is released by "Thor the C Coder", who's the wiser?
I'm not a legal expert, but I assume that all changes are made while you are working at the company. This means the copyright of the code belongs to the company. If you want to publish your patches, you need a formal decision by the company management for doing this. Notify that if you modify code under the GPL and distribute that code to a third party, you are required to publish it with the complete source. Please make sure, that every decision is documented and signed by the legal responsible persons. Keep hard copies of these documents.
Legally sound, but immoral and practically insane. The same argument could be made for preventing you from doing almost anything you don't have to do, regardless of how public spirited.
And in particular, when in the history of this world, has "malicious code [been] deliberately released" as part of an OSS?
The upside for the company is an increase of good will, which transates into sales.
Alan Robertson, who maintains the heartbeat package and works for IBM, recently posted to the ha-linux list on this subject.
Alan does not accept patches to the heartbeat code that were developed on company time unless he receives a disclaimer from somebody at the company.
This is obviously spoofable, but it's probably a good way to legally protect the code -- Alan can honestly say he received it in good faith, which keeps IBM's lawyers' from breathing down his neck. It's kind of weird for me, though, I have to send a disclaimer giving myself permission to send in a patch....
So, to answer your question: explain to your CEO why helping the OSS community helps you to help your company, and get her/him to sign off on a policy that allows you to do so. Ask for legal authority to be delegated to yourself (or your boss) to license or assign corporate intellectual property to open-source projects. Then have HR propagate the policy to your co-workers.
Try to get a company policy permitting it. To do so, discuss it with your boss. If your boss is a dunderhead, discuss it with colleagues at your level in other departments and see if you can get them to discuss it with their bosses. Sooner or later it should filter up to the top and pass through legal. Keep your fingers crossed.
Then you should have no problem in formally writing up to them what you plan to return to the Open Source project.
Outline exactly what you intend to send the maintainer and why it benefits your job/the company.
Just don't do it because you can't see why you shouldn't. Your boss might have a different opinion.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
Or have a contract that says you get the Intellectual Property, but your employer gets a perpetual, but non exclusive right to use, modify, and distribute it. I do. But of course, the software isn't what we're selling, we're selling what you can do with the software.
confused_one....that is absolutely correct. YOU ARE CONFUSED. Bill Gates is a business genius, but by no means evil!
Just because he can work the system, and you can't, don't be bitter. Just because he's the pinnacle of man, and you are nothing, don't be angry.
Long Live The Architect.
Also, how the above post could be a troll, I'll never know. I agree with it wholeheartedly.
Plus, it gives you piles, cirrohsis of the liver, bad breath, ring-around-the-collar, and worms.
Stick with raw greed as your motivator. Greed makes you taller, cleaner, healthier and more sexually attractive!
In the "unlimited greed" model, it doesn't matter if contributing to OSS makes your world better, because you must NEVER EVER EVER give anything away -- even if you don't need it, and can't profit from it -- because charity by definition is bad!
SO, to be truly greedy, don't help OSS projects make better code that can make your company more profitable - hug your tiny, uninspired code changes to your fat little chest and WHINE!
Remember, if greed is good then UNLIMITED GREED IS UNLIMITED GOODNESS FOR YOU!!!
If you release anything without explicit consent from your company, you're going to be sued for copyright infringement and damages like no other.
The do not "technically" own it. They own it. They're paying you to develop stuff for them. Although you created/modified it, you have no rights at all to it.
disclaim.future is a standard form supplied by the FSF exactly for these kind of situations. I couldn't find it on their website any more, but google knows where to find it.
I am an employer myself, and did so without any hesitation. If your boss wants to know more about opensource, GPL and the like, encourage him to ask around in his social network.
So if anyone wonders why nothing good ever gets done from our company, this is why.
Where I'm working right now (TimeSys), I've been involved in contributions to Eclipse and Cygwin. Here's some advice:
ASSUME THAT YOU ARE NOT ALLOWED TO RELEASE ANYTHING WITHOUT PERMISSION.
If there's no clear policy already in place, ask. You probably don't have the authority to act as an agent of the company with regard to making decisions about IP. (If you don't know for sure whether you have that authority or not, you should assume not until someone tells you otherwise.) Keep pushing the suggestions/requests up the chain of command until you reach someone who has the authority to say "yea". They may still tell you "nay", but at least you'll be getting a decision on the matter instead of an "I can't make this decision, I don't want to bother my boss, so I'll just say no" response.
START WITH SOMETHING SMALL.
In my case, it was getting permission to submit patches to correct bugs - very small, very simple, very non-threatening things. The argument was that we could submit the patches, or go through the pain of developing the same patches again with each new release of the software we were using. That's a good way to get the foot in the door: show that there's a benefit to submitting patches that outweighs any perceived risk. If you can show that you spend X days out of every release cycle generating the same ol' patches again and again, it's an even more convincing argument.
DON'T PUSH TOO HARD.
For some companies, this is a big step to take. Let the folks who make the decisions think about the idea, answer their questions honestly, and be persistent without harassing them every day about the issue. You don't want to have them tell you "no" just so you'll quit bugging them.
BE HAPPY WITH WHAT YOU GET.
I don't mean that when you get the first "no", you should give up. You need to be reasonable in your expectations - IMHO, submitting patches for bug fixes is fairly minor, and the reaction to that request should give you an idea of how receptive your maangement might be towards the idea of more substantial work & contributions.
My employer lets us submit bug fix patches freely for one project, at the developer's discretion. Minor feature additions in the same project require approval, which is generally easy to get. Other projects require management approval for all patches, no matter waht. Some projects that require copyright assignments are still in the "we're considering it" phase, and may never be approved. We've contributed at least one large chunk of original code to a project, and are considering doing it for a couple of others, as well, because while we want the software to have feature X, we don't want to have to maintain feature X. That's a pretty good argument to try if you're trying to get approval to submit a patch that adds a feature or functionality to an existing project :-)
"Great men are not always wise: neither do the aged understand judgement." Job 32:9
>The same argument could be made for preventing you from doing almost anything you don't have to do, regardless of how public spirited.
Not really. Its usually not worth it to sue an individual unless its to make a point because there will be very little monetary rewards.
A company usually has bigger pockets and are worthwhile to sue.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
at Slate
Where is President-Vice Cheney?
Cheers,
W00t
I forgot to say this in my last post.
If your proprietary code contains GPL'ed code, and you distribute your proprietary app, then you are "only" in a license violation. You have two choices:
1. GPL your entire codebase.
2. Remove the GPL'ed code.
Mind you, this is a choice! Your codebase *will not* become GPL'ed "automatically" or "by definition"!
However, if you don't distribute your app, then there's no problem.
Just put your company's code up on the Internet under the GPL.
The first case proposes that money can be made via selling support for the free software product. This is by far the strongest case and is proven to work, for a few small companies. The two companies that are shown as positive examples of this business model are Red Hat and Caldera, who distribute and support the Linux operating system. What is never mentioned is that neither of these two companies has contributed significantly in relative terms to the Linux development process.
Umm, ever heard of Alan Cox? You know, the core developer who works for Red Hat?
Idiot.
IANAL, but why not just claim the individual, and not the company, is the one who is submitting the bugfix/improvement to the open source project, and not the company, so that liability rests upon the individual?
It depends on your company. You might of signed a form that states that the company owns whatever you write, even if it is job related or not. Depends on the company, usually the larger companies are more draconian about it.
On the reverse side, my company does not require any such statement to be signed. So, technically, I own all my code. Should make any layoffs fun around here.
'What? No severance package? I will make you a deal on my code. Either that or you remove it.'
It is an extream example but entirely possible to happen.
In God we trust, all others require data.
My company claims ownership of anything I do or develop, even on my own time using my own equipment. Now, i doubt any of their policy would stand up in court, but that is what the policy says.
But they won't let me in the country club.
evil refers to how he uses his evil powers to crush the competition by duplicating their efforts, bundling it with the OS "for free" and then somehow convincing the government that it's all legit...
I'll never understand, I guess my standards are too high.
I meant "you" when at work, in which case your employer could theoretically be liable.
Even being a used care salesman is better than being an asshat troll like yourself.
There are some very bad consultants out there, yes. There are also some very skilled ones who are worth every penny that they charge.
There I go again...feeding the trolls...
I posted a similar note in my Journal. I think that this is why Linux is as good as it is. BeDammit
The GPL pretty much covers that area. If you or any one else contributes to open source software released under the GPL it can just be flung out the as it were. This is because the code is not onwed by your company, or even you for that matter. It now falls under the GPL as well. If the open source projects you are contributing to are covered under other lisences this can dramaticly change what can be done. Some require the code to be recontributed, others, ala FreeBSD, would allow the company to make it completely propriertary.
:)
So sadly there is no way to come up with a 100% solution that is anything more then to simply re-release the changes to the community. Otherwise a separate plan would need to be made for any liscense ever worked under.
Working for an open source developer solves that issue nicer then anything else
I hope the third little piggy got mad cow - ^_^
I'm also a consultant, working for a not-for-profit, and I added a specific contract clause allowing me to contribute to OSS.
:)
The big code issue for my client was that they wanted explicit ownership of the code. They didn't want partial ownership, or to give me the rights to reuse the code, etc. I wanted the right to reuse what I developed elsewhere. We ended up compromising with a clause that allowed me to contribute any "fixes or improvements" to open source code back to the community. Interestingly, they were quite willing to accept this clause at contract time.
So I actually have an explicit contractual clause that allows me to contribute back. It makes me happy.
Try explaining to a client how you just charged them to add some functionality to something that will be used by others for free. It's great karma, but most suits aren't too interested in karma...
Another problem is that most people are more interested in short-term costs. Look at all the publicly-traded companies that will lay off people in order to boost their stocks in the short-term. The only people that really care about long-terms costs are either people in direct ownership or people with some level of perspective. Most grunts these days are probably figuring they won't be around at a specific company for long (whether it's their choice or the choice of someone else). And the best way to look good quickly is lowering short-term costs...
If all you have are silver bullets, everything looks like a werewolf.
I thought all the employment contracts today specified anything you do at any time regardless of time or location belongs to the company?
Not in my experience. Some do, some don't. Many people don't even have contracts, but company policies usually exist regarding IP that is produced while employed at said company.
In some cases those restrictions even extend to one's free time. If you work for a company that develops software and decide to write some OSS on your own time, you could very well be putting your job at risk.
The moral: read the fine print before signing and/or going to work someplace.
I would say that you should probably find a middle ground. If you have modifed an open source heavily enough that it is obviously distinct from the original, then keep it within the company. However, if you simply fixed a few bugs or made it slightly more stable without adding that much new functionality to it, then you should probably contribute it. Also, if you're just using it for within the company and it won't be sold to anyone, it wouldn't hurt to give that to the open source community since it has no effect on business. In summary: If it won't harm the company, then you might as well contribute it.
Those would be my guidelines. You should probably ask around within your company before you do anything though.
read my blog
musings on politics and technol
As a compromise, you may consider making architecture changes that allow independent implementations of proprietary stuff you make (largely through interfaces). Of course, you would include a null implementation that effectively disables the feature. You DO effectively tell everyone else WHAT you're doing, but not EXACTLY HOW you're doing it. They have to implement that themselves.
If others release implementations that are better, than you could use theirs instead. If your stuff is so hot that no-one else can touch it, well I suppose you'd keep using your version.
Such a methodology would also create an excellent model for competition (public and private) within open source. Additionally, it would raise the modularity of code so one could essentially mix and match.
-------- -------- Support Wesley Clark for president!!!
The plaintiff's lawyers will claim the individual did the work for the company and will try to get the company involved so the company's deeper pockets are reachable.
Maybe our good buddies at SCO might know.
Calm down, did you even read his post? He was wondering about how to give back to the community without getting in trouble with his company. So he is planning to give back to the community.
read my blog
musings on politics and technol
Tell your boss that you can do write the software and release under the "company's license model" (ie closed source) but that would take longer than deriving something from OSS code you've seen which just happens to do very nearly what your boss wants ...
"It's not your information. It's information about you" - John Ford, Vice President, Equifax
Being the son of a lawyer, I've been trained to read all contracts as if they were written and would be used by the devil himself.
I've been presented with a number of contracts that said more/less that anything I created during my time of employment (not just on company time, not just related to the company itself) would be the intellectual property of the company.
Fortunately, I've either gotten those contracted changed to reflect work relevant to the company, or to exclude prior works that I'm continuing on, or having simply been in countries where my homework (and the advice of a laywer) has shown that those contracts are invalid.
So do a LOT of research into what's in your contract and get that amended if you have to. Your supervisor may change, but the contract likely won't, and you could find yourself with someone firing and subsequently suing you.
(On the flip side, if you're lucky like me, you don't point out the stuff that lets you off the hook, like the NDA I signed that was invalid under the laws it was written because if failed to mention a penalty value. Hee-hee! I can sell the secrets! Same with another non-compete clause that was too broad. Now I can take the secrets and work for your competitor!)
The power of accurate observation is commonly called cynicism by those who have not got it. - G.B. Shaw
First let me say that there is a distinction between "what is right" and "what is legal". Many things that are not legal are right, and vice versa. I'm not interested in getting into a lot of "but that's not right!" arguments; I'm simply relating what the legal realities are as I understand them.
The only way to really be safe is to write down exactly what it is that you intend to contribute and get an officer of your company (or other superior who clearly has the authority to commit the company) to sign off acknowledging that the company will make no claims against your contribution. Stick to what has been agreed to, and get written addendums if there is "scope creep" on your open source project.
If they won't sign off in writing, you can assume that they will take action of some kind against you if you decide to do it anyway. As my lawyer used to say "contracts aren't for when people are happy with one another". Might be a good idea to look at other options (of employment, if you're committed is to your OSS project).
I would also note that unlike some wildly misguided people I've heard recently, you cannot simply take something you don't own (in the legal sense), release it with a GPL notice on top, and be free and clear legally. Sure, that code can't be "called back", but you (and people who use your code assuming you had the right to apply the GPL to that work) might very well find yourself in court. Ownership of the code (and thus who has the right to determine the license) is determined by the contract you entered into, and the courts will decide your fate based on that.
Be aware that some employment contracts state things to the effect that anything you do "in the field" can be claimed by your employer. Thus, just because your contribution is done on your own time with your own equipment, you still could be liable for action. Know exactly what your employment contract says (hopefully you did that before you signed it). Have a laywer (your own laywer) explain it to you if you aren't very familiar with contract language.
Also note that simply not signing an IP agreement does not automatically absolve you of its terms. Look for other employment paperwork that says things like "by accepting employment you implicitly agree to all our required employment contracts". I've definately seen people bit hard by this. If your employer has an IP agreement, then negotiate the terms you want and sign that so that all is tidy and legal. Again, consult your own lawyer to know exactly where you stand.
Know your rights under state law. Different states have wildly different interpretations of the strength of employment agreements. Contract language which would bind you up in one state might very well be tossed out as onerous in another. Consult a lawyer.
You do not want to litigate over this; you want to avoid putting yourself in that position. Even if you win, it's generally very expensive, annoying, frustrating and you'll often as not loose the job as a result. Don't sue "on principle" unless you know you have enough money, time, etc., to survive the process (including the possibility of loosing...no matter how strong you think your case is, the legal world is bizzarro world, and outcomes are not always deterministic). Special Fact - generally, if you sue your company (e.g. to claim ownership), and they decide to countersue you (say, for breach of contract), you won't be able to drop your suit (even if you run out of money), unless the other party agrees to it. Hint - they won't unless you back down.
Lastly...do not simply take your managers verbal word that there will be no problems. Get it in writing. There is a doctrine of "verbal contracts" (I suppose "implied authority" also plays here) under the law, but they are difficult to make stick, especially if the other side is determined to invalidate it. OTOH, "Paper has a perfect memory", as one of my old biz partners used to say.
N.B. - I can speak only for the U.S. There are different subtleties elsewhere...
N.N.B. - IANAL, nor do I want to be...
* you mention that you are currently customising open source software, does this mean that you are legitimately honouring the licenses associated with that software ? if not, then that should be your first step. the choice here is simple: either honour the license, or don't use the software. this may require you to make available your modifications.
* you really need to write up a business case: why is in the companies interest to do this ? will it be "pr" ? will it cost ? will it cause legal (liability) issues ? will others run with the software and turn it into something better (free labour for you) ? does the work required (to package, make available, etc) outweigh the costs ?
You need to answer these questions in an intelligent and reasoned way before someone else (i.e. your engineering manager / etc) is going to allow this to occur.
Duplicating their effors? How much can one web browser really differ from another? And including software in an OS is entirely "legit."
I'm a consultant, paid for my time and the IP I develop. I would not dare to risk cross-contamination by doing anything more than downloading and using open-source packages at the office.
As a fellow consultant, I have a few questions for you:
1) Do your clients require that *you* wrote it, or that the thingamajig works?
2) Do your clients mind if sections of their codebase that aren't part of the core deliverable (libraries and the like) improve with time without further investment on their part?
3) Do you read the licenses for the stuff that you develop in proprietary software to ensure that "contamination" is not happening there, too? Some of the EULAs for compilers and IDEs can be quite frightening when you actually READ them.
I use *alot* of GPL and LGPL stuff in my work. The key is to ensure that the GPL stuff is called as an external process, (so it's effectively its own program) and the LGPL stuff sits in its own, separate file.
I contribute changes and improvements constantly.
I have no problem with your religion until you decide it's reason to deprive others of the truth.
If you are using Open Source software to fulfill your contract, your client is getting the benefit of someone else's free work.
If you are fixing a bug to help the client, they are getting the value out of your time. If you give the bug fix to others, in return for use of the Open Source code, why should your employer care?
-- Pot is safer than Beer
This is some of the worst advice I have ever seen on Slashdot.
As some other posters mentioned, you can get into a lot of trouble by leaking code outside the company if you don't have a right to it. You should always make sure you have not just implied but explicit permission, preferably written on paper, before sending code outside the company. But there is a danger here far greater than just getting yourself into trouble.
Remember, whenever you contribute code to an F/OSS project, you have a moral obligation to the project and all of its users to ensure that you have a right to make that contribution. If you don't, you are setting the project up for potential legal trouble later on if your company decides to go after the project for use of unauthorized code. The project may be forced to rewrite significant parts of code, and it will make the project and all of F/OSS software look bad to the public.
I do not believe SCO's allegations about Linux, but if there is indeed any unauthorized SCO code in Linux, this method is how it got there.
Always, always, always be crystal clear that you have a right to code you contribute to F/OSS. If in doubt, don't contribute. It's not just you you should be worried about, it is the whole project!
The preceding comments reflect the author's personal opinion and are public domain, unless explicitly stated otherwise.
if you were my employee, and you wasted your time writing 'md5deep', you'd be fired. this is a 5 minutes shell script.
md5deep, reimplemented in shell, for your benefit. not tested, i'm sure there are some bugs. yes, it could use refinement, but this is a one minute job.
recursion:
$ find . -type f | xargs md5sum
time estimation:
#on my machine i get about 40 megs per second
#using md5sum (openssl is faster)
echo "`du -sk | cut -f1` / 40000" | bc
...express permission. Anything else, and you leave too many people (including yourself) hanging out in the breeze.
You don't read much Dilbert, do you? ;)
Everything you say makes sense and is logical, but the problem is that the world is messed up. We're in a world where everyone wants to take, but very few want to give (or give back).
Just look at some of the things that are happening in the world today. Crazy patents. Companies using scare-tactics on their customers. I'm not saying it's all bad, but chances are that you will have a hard time convincing someone with tunnel-vision how contributing helps them out.
Me skeptical? Yeah, I won't argue that. I used to be a very optimistic guy, but having to work has shown me that most people are just selfish. If you can find place where people really want to work together, cherish that. :)
(the worst part is that I've adopted this attitude, and I'm still in my 20's!)
If all you have are silver bullets, everything looks like a werewolf.
There was an interesting PerlMonks discussion about a very similar question not too long ago that you might be interested in reading.
Use Ctrl-C instead of ESC in Vim!
Where I work I suppose to be contributing our changes back, but I don't have the time. I usually just end up sending out bug reports with possible fixes and letting others get the code included if it's important enough.
The moral: read the fine print before signing and/or going to work someplace.
Or, in my case, thank GOD! that someone FINALLY called me for an interview and hired me: sign nda/what-have-you, and begin working and being paid (hurray!!) again after 18 months. It's a tough job market for some, and we can't be too choosey in what we'll accept in an nda/what-have-you.
But if you want to keep your job, definitely talk over everything that even BARELY seems questionable, even things you consider non-questionable.
Until there's another tech bubble, I'm super-gluing my butt in my cube. I'll retire the day they find my bleached white bones slumped over my keyboard.
Bah! I don't even worry about it. The entire infrastructure where I work wouldn't even exist if it wasn't for free software. If there's something we need done that can be done by modifying some open source code, well, it gets modified for productivity reasons. If the changes are things that are beneficial to more than just our organization they are made available without the management knowing a damn thing about it. I don't give a rat's ass whether or not they "allow" us to do it. Then again, I don't share your "doing it on their time, not your own" belief...at least when it comes to modifying software that is open source already. Software written from scratch while at work is another story.
Clauses about owning what you do on your own time don't usually hold up in court, and I've yet to run into a client who wasn't willing to stroke that section out of the contract when I explain why it's an issue for me and my career.
The two places I've worked that leveraged OSS were good about posting their enhancements, one works directly with the developers for a key OSS product they use. (It's been a big benefit to both -- the OSS developer has been adding features they need, and they've been providing him a "real life" debug environment with a highly skilled team and solid feedback.)
I've always specifically steered clients away from GPL libraries, as their business IP isn't worth risking when there are LGPL (or equivalent) libraries that do the same job. Rah-rahs for the GPL and all that, but banks and financial companies aren't even going to consider putting their internal processing systems out as GPL software, and don't qualify for internal-use-only exceptions in most cases.
I do not fail; I succeed at finding out what does not work.
No - only actions which are in breach of the law.
And in particular, when in the history of this world, has "malicious code [been] deliberately released" as part of an OSS?
Well, OpenSSH was trojaned. But frankly, the frequency of the incidents is pretty much irrelevant. The point is one of principle - is it right for an employee of a company to place it in jeopardy without it having any method of lowering its exposure to liability?
The upside for the company is an increase of good will, which transates into sales.
You're preaching to the converted, reverend! The question isn't whether OSS makes good business sense or not - it does. The question is simply one of whether the company has any right to exercise control over the output of its employees when working on company time - and IMHO it does. I wish that people were honest and wouldn't commit actions which harm others, but our laws are designed for the people we have, not those we'd like to have.
--Ng
but you missed a very significant GPL point.
If you grazed your cattle on the GPL commons, they just wouldn't own all the crap, they would also now own your cows!
If the addition / change you have will help the company in the next release. That would be the reson you give. It is much harder to justify giving away widgets becuase you feel the need to give back. That would require the company to figure out if was worth something first.
So if you can not answer the question:
1. give away code
2. ????
3. Profit
They will say no.
Since my company did not pay overtime, I would schedule my time to develop libraries at home. Only libraries unrelated to the core company business (network utilities, debugging libs, monitoring stuff). Since no company time or hardware was used to create them I added a GPL license in the source headers, with a clear indication that my employer was exempted as long as any code change is sent to me. I knew I could never enforce it, but I did not really care. I then mailed the source at work. Overall I would say that this code was less than 2% of the total work (I was doing more âoeovertimeâ at work than at home).
My goal was to keep utility code for re-use in the future, since I was receiving no pay to do it anyway! The company was in really bad shape and I believed they had less than a year to live.
A few months later I got âlet goâ(TM) (with most of the employees) and heard that a âoebig boss was really pissed of at my GPL additions a few months backâ. Strangely enough that boss never looked at code, and I never saw so much politics and backstabbing as I did in that company, I am sure this was presented to the boss by another coder under a bad light.
I canâ(TM)t say this is why I was let go, but it surely played a major role, since that boss made âoethe Listâ of who stayed and who left! This was probably stupid of me, but I still think I was in my rights to do so. So let this be a lesson for others (whatever that lesson is).
First, remember that I have a government job and pretty much can't get fired. [wink]
Given the time of day of your post... you ARE wasting my tax dollars spending time to read and post to Slashdot. Now GET BACK TO WORK YOU SLACKER!!!!! ON THE DOUBLE!!!!!!
Why Americans are obsessed with "rescuing" dogs. By Jon Katz
I was walking in a nearby park recently when an enormous muttâ"a Lab/shepherd mix, from the looks of itâ"came bounding down the wooded path, plowed into my belly, and knocked me down, touching off a spirited tiff with my two border collies.
As I clambered to my feet, a middle-aged man came chugging up, agitated and out-of-breath. He began belatedly scolding the genial and oblivious dog, whose name was Bear, explaining that Bear was a rescued dog, "probably abused." So the guyâ"who introduced himself as Stanâ"didn't want to train him to come, sit, or stop ricocheting into people, not yet; Bear had been through so much heartache already. He did lecture Bearâ""no," "bad dog," "why don't you listen to me?"â"long after the fact and well beyond the point of usefulness.
Finding Bear was no cinch, it turned out. Stan told me he had combed animal shelters for months but found that in the Northeast, at least, the number of abandoned and adoptable dogs has fallen in recent years; new leash laws had resulted in fewer lost and straying dogs, and a sharp rise in neutering and spaying meant fewer dogs running around period. Stan didn't want to simply buy some fancy purebred pet, he explained, not when there were so many creatures in need. He preferred to save one from misery, possibly even death.
So Stan went online and located Bear not in New Jersey, where we lived, but in a "foster home" in Alabama, via a rescue site listed on Petfinder.com. The demand for "rescued" dogs is so great that groups often have to scour faraway rural areas these days to find abused dogs for people to adopt.
Bear was transported north, by volunteer "transporters" located via mailing lists on the Net, and delivered to a local New Jersey "fosterer" for evaluation. "Screeners" check possible homes and new owners. Stan and his home and family were thoroughly evaluated before he was permitted to bring Bear home. "Believe me," he said with some pride, "it was easier for me to buy a house than to get this dog." The screeners returned more than once and let him know they would be back periodically. He signed a document promising to care for the dog and to never let the dog walk off-leash.
Now he was crazy about the dog, he confessed. It seemed to me that at least part of that feeling stemmed from his pride in having spared the animal a grim fate.
How did he know that Bear had been abused? I asked. "You can just tell," Stan assured me. "It's obvious. If you come near him with a leash or collar or stick, he looks terrified."
I'd heard such stories countless times. It needs to be said that there are innumerable and well documented stories of horrific abuse inflicted on dogs. At a Brooklyn shelter I visited a few months ago, I saw dogs that had been burned almost to death, abandoned, starved, poisoned, nearly drowned, beaten, and horribly mauled after being used as training fodder for fighting dogs. Rescue volunteers go to extraordinary lengths to save and care for these dogs.
But many professional trainers and dog lovers have become wary. They often roll their eyes when people explain that their dogs have been abused, seeing that as an excuse for obnoxious or aggressive behavior and as a way to avoid the effort of training. Many also sense a need for some dog owners to see their pets as suffering victims, rather than animals.
Pet behaviorists will tell you that it's usually impossible to know what dogs have actually been through, since they can't tell us. Dogs who are simply adjusting to new homes or poor training frequently show the same behaviors as ill-treated dogs: cowering, trembling, eliminating, shying away from the unfamiliar.
But dogs, like so many other things, are a mirror of the society weâ"and theyâ"live in. And a growing number of Americans not only need to rescue a creature, but to perceive those creatures as having been mistreated. Som
With the current SCO hub-bub, I think every developer who thinks about submitting code developed at work and every developer accepting new code from outside developers realize that the code you are submitting is the property of the company you work for!
Ultimately its there decisicion, if you feel like doing it without permission to 'Help' the open source community you are actually hurting the project and community almost beyond repair.
Unless you get writen signed off permission from someone who can give permission, 5-7 years from when you submitted the code, your company can still claim ownership to that data. Right now your boss may say "go for it!", 5 years from now, you and him are probably gone and forgotten, yet the company can still sue the project you submitted to because it contains their property.
Please, please if your not sure, don't submit!
Not the OP but do consulting work...
The #1 question that clients end up asking is We own this, right?. Maybe not for "My PHP Discussion Board", but definitely if it's a strategic part of their business and critical to their valuation.
Now this is a concern not just for open source components, but various bits of library code that you've been carting around. In fact, on a couple occasions I've been paid to rewrite perfectly good library bits just so the client can have clear copyright on the result.
So the question you need to ask yourself before you get into this situation is What does the client think they own? and make sure that you are upfront with them and the contract covers it.
I am not clear on one point. If I am incorrect, my apologies in advance of course. Are we to understand the entire corporate "official" mindset and policy so far is to be "leech and profit" only? IF so, it's simple, tell them it just ain't cool to only be a leech. They are cutting their own throat in the long run, and don't "get" the *full* concept of open and free software.
It's bad karma, man. Tell 'em that. Sharing goes both ways, or it won't work forever. Eventually no one is gonna wanna play nicey nice with you, back to struggling, watching the bigger fish come and get ya. The whole idea is strength and success and over-all profitability through cooperation and sharing. Just "taking" don't cut that software mustard.
So then make the change to the OSS project on your own time (ie, *your* companies time), charge a licensing fee to the client for the commercial use of the code you developed and then release under two licenses like trolltech has done for Qt.
You've then contributed to OSS, built up a library of your *own* IP and then charged the client for the commercial use of that IP.
when shipping product with LGPL libraries, it must be possible to relink the product with later libraries. Which means that either (1) you use shared objects (.so) format of those libraries, or (2) you distribute the objects of your application. Don't statically link LGPL libraries and then not release source or object files.
Ratboy.
Just another "Cubible(sic) Joe" 2 17 3061
It's easier to apologize afterward than it is to get permission beforehand.
Your amazing powers of persuasion have convinced me to give up contributing to OSS projects. I must have been dreaming that I got all those pay raises by writing useful snippets of code, your logic is irrefutable.
I understand now that I've been devalued, and I will go sacrifice my cat to Ayn Rand as penance. How could I have been so blind!
Since no one else has mentioned it yet, I will: tax-funded organizations can save considerable amounts of public money using open source software. As one example, our provincial post-secondary library system has saved hundreds of thousands of dollars in licensing fees by developing open source versions of commercial products (or rather, leading in the development of these products, since it's the commercial vendors who have been trailing us). It's actually a lot cheaper for us to hire programmers than pay for commercial licences for some of this stuff.
That's one example, but more generally, consider how much money the public sector must already be saving in annual licensing fees for web server software, operating systems, scripting languages, etc. As far as our agency is concerned, open source means lower costs, increased flexibility, and the ability to do a heck of a lot more with our limited budget.
Here's what _may_ work :
Start the project at home, out of your working hours.
Make it GPL'ed. As a public proof, you can release an initial public beta version.
Back to your company, continue to work on the project. Any addition made to it must be GPL'ed as well, isn't it? So even though you are working on it while on company time, you can always release the product as free software.
{{.sig}}
Even code you write on your own time -- you don't want the company to later be able to claim that you used their "intellectual property" -- your general knowledge of projects at work -- while writing that code. Perhaps I'm just paranoid, but I make sure to either get my free software activities acknowledged in writing before I accept a job, or not work on free projects that may be related to the stuff I do for hire.
But most important, don't do it without actual legally binding authorisation from your employer (not just your boss). It's critically important that all the free software out there really is safe for everyone to use.
Unlimited growth == Cancer.
It's very simple:
1) Look at the cost of using this open tool
2) Look at the cost of using this non-open tool
3) Look at the cost if I have to backport my enhancements every time they release a new version of this thing, especially if they move in a radically different direction
4) We can get the possibility of additional bugfixing with no additional costs.
It's not karma, it's business sense.
Verbatim:
" Yoyodyne, Inc., hereby disclaims all copyright interest in the
library `Frob' (a library for tweaking knobs) written by James Random Hacker.
, 1 April 1990
Ty Coon, President of Vice"
IANAL, but as I see it, this also releases the company from the wrath of any disgruntled users if it turns out that the patch is less that satisfactory. They don't own the bits and bobs any more.
>>to crush the competition by duplicating their efforts, bundling it with the OS "for free"
Sorta like OSS?
Remember that when you're in the unemployment line.
A co-worker and I were having this discussion with regards to the SCO vs IBM case: say I'm developing some technology at work, a state-of-the-art journaling filesystem for example. Now I go home at night and work on an open source journaling filesystem. All the code between work and open source projects is separate (i.e. absolutely no code sharing). However, there are certain concepts and ideas that I will inevitably borrow from my work project and put in the open source project.
Now we have a potential SCO vs IBM situation on hand: my company finds out that there is some open source using very similar technology (to their own patented or copyrighted work). My company is going to want royalties for this!
Although a lot of us open sourcers are taking the SCO vs. IBM situation lightly, if it does happen to go in SCO's favor (either by court decision or settlement), it's sets a precedent for companies to go scouring all open source code for possible IP infringement. This will scare corporations away from open source in a heartbeat.
Er.. do you want to do the "correct" thing or the "easy" thing.
If its the "easy" thing then be prepared for the consequences.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
If its opensource code your working on, what makes you think it belongs to your company?
Take an example that never went true because it became a bit too... dedicated? I mean adapting it to more common case would require more work than writing it from scratch, but my intention was quite clear, and only quality of the final code prevented me from releasing it as open source.
:)
My job: Sysadmin.
My task: Provide the departament with a consistent "opt-in" daily backup system everyone could use to back up their work.
What can I do? Well, my boss doesn't care how I do it, just should be done and should be done well. I see this options:
1. Look around and purchase a commercial system. Not really possible, limited budget and quite specific situation (need to be able to use it from DOS, WinNT, Linux, Solaris and possibly more OSes)
2. Get a free software solution. Again, not quite possible for reasons above, the network.
3. Write the app myself.
Okay, so I pick #3. I write it in my "spare work time" - that is when I'm not assigned some other job. It's still "my private code" but it's towards achieving my boss' goals so he won't protest. I own the final application. I may license it as GNU. And then I implement it. My "paid task" wasn't writing the code so I still own it. But creating it was along the lines of the company needs so they welcome me doing it gladly - after all they will get just what they need from me for free... (and they aren't a software business anyway
Other situation - development of some other big app. "Look, boss, this thing could be useful for us if it had this and this... I could code that but it's GNU and the code would have to be licensed as that. (oh well, it could become our company's closeware too, but boss doesn't need to know that, plus I can credit my company in that part of code to get them free worldwide advertisment) So, what do you think? Can I write that?" "Okay, as long as that doesn't impact your assigned work." - that's the most probable answer.
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
No you don't understand. His companies' adoption of open source codebases obligates them to give back to the community unless they are developing in house tools. This shouldn't be an issue.
I wouldn't even worry about a NDA unless its insanely restrictive.
For the vast majority of people, its not worth enforcing a NDA especially if you are on good terms with your manager (and in any job market you should be.)
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
According to the GPL, if you are distributing the modifications outside your company, you have to make the modified source code available.
So the question you need to ask yourself before you get into this situation is What does the client think they own? and make sure that you are upfront with them and the contract covers it.
I *always* mention to the client that I use "free tools everywhere possible" to make the job go faster, reduce development costs and enhance stability. When they ask about "ownership", I calmly explain to them that being "Open Source" means that they own a perpetual right to use said "tools", and that I'm careful to use the tools in such a way as to not contaminate their paid-for sources.
When given the option of paying more for something that doesn't really get them anything, I've never had anybody turn down the open tools.
You have?
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Ask your boss if its ok. If you don't want to ask them then you already know that they don't want you to do it. Remeber that although you might have the right (depending on your employment contract etc...) your bosses goals for you probably do not include helping with the open source movement.
we have to go through a class on open source/ closed source as required by legal here, and then we get an allotment of a few hours a week that we are allowed to to work on open osurce projects. Our company has a huge stake in linux and open source, and they are trying to grow it's culture inside of the company.
From the country where life is "TRUE BLUE" and tech support reigns..
A local ISP pays you $1000 to write a spam filter. You sign a contract which says, "I agree to write a spam filter and the copyrights belong to the ISP." Who owns it? You do. You can't assign rights to a work that hasn't yet been created.
No. You've created a contract to assign the copyright when it is completed. So, in effect, you *don't* hold the copyright.
The point is simple; you need a solution to a problem, your company can code it in its entire or grab an open source tarball to get to 90% in one day. The only drawback is that the other 10% does not belong to your company.
Put up 2 stats with the numbers based on spend hours and let them make the decision.
The beautiful part of this is that most managers will care more about short term 'profits' then the long term profits. So for something that is not directly a 'product' as such I suspect the result will be more 'ok' then 'no way!'
For those little bugfixes in apache or KDE or whatever; just email them from your home address; those kind of fixes are just for your working environment :)
http://sourceforge.net/projects/bie
...so I dont know if the same rules apply. Before we went open with this project, we did contribute to a few projects. (a while ago) Generally, no one at our company minds if you are contributing to an open source project, as long as what you are developing is needed here. Although the contributions might not be immediatly revenue generating, they see the long term benefit of being involved in a wider community. The days are swiftly passing where a product that is developed completely in the dark gains widespread approval on the open market (well, they could be..).
TallGreen CMS hosting
I suspect vicarious liability does not extend so far as malicious code, but certainly some jurisdictions do not allow one to waive all warranty, so there may be some liabilities...
the irony of the story right before this: "Steal this Idea"
hehe
IANAL, SAAL!
As I understand it, Justin Frankel didn't release WASTE--not as a private agent, anyway. He never claimed to own the rights to it. Nullsoft did.
Go work for a charity - I'm at one now and it's the best work enviroment I've been in.
The pays not so good, but that just means it's the people who really love their job that are around, rather than a bunch of hangers-on. And any code I write (at any point in time, mine or theirs) has my name in the copyright statement.
I guess that all depends on the situation. I work in a relatively small IT company (150 - 200 employees) and we started using an OS project inhouse.
We started to make changes and were wondering about what to do with them. Not a problem, I emailed our department manager and the CEO and told them what we wanted to do.
I now have an email direct from my CEO allowing me to release any code I see fit for that project.
I figured that it would be easier to get permission beforehand than trying to explain it all once someone questioned it...
Although I wouldn't say it was malicious code, there's been a little court case going on between SCO and IBM that you may have missed about some alleged confidential code being copied into Linux...
I think that would be more of an issue than malicious code (ie. copying some code that is protected by some other licence into a GPL project)
My buddy may be in some major trouble with his employer, and I'm wondering if it really is a legal thing or possibly just an ethical thing, or maybe not even that. His employer paid him to write a program that would be in direct competition with another program freely available in OS. The software he worked on would not be OS. However, He looked at the source of a 3rd program, (also OS) and took note of how it worked which was written in perl, and re-wrote everything in C/C++, once he found out how the perl program worked he never looked at it again, ie: everything he wrote was his code however he used the way the other program worked as a roadmap to follow for writing his code. Is this in any way infringing the rights of anyone? if so, is he and/or is company liable for these infringements? Where is the line drawn between inspiration and theft? I appreciate your feedback, thankyou.
If you've developed code on your free time, then you should just be required to receive management approval (to make sure the project you're submitting to doesn't compete with your company).
Of course, make sure to avoid using company emails and other necessary precautions.
If it's being submitted by the company, then it should carry the copyright of the company, and your management needs to make the decision to submit it. Remember, it is not your decision to submit code to anyone that you don't own.
int func(int a);
func((b += 3, b));
Please, guys - it is only OK to contribute to Open Source on company time if you work for Microsoft...
Dude, where's my Karma?
I feel that anyone that uses (and or profit$ from) open source software *and* develops modifications to that code that might be useful to the rest of the users of that application has an obligation to give it back to the community or come as close to doing so as possible. If you are not paying for your own time and don't own the code you develop, then all you can do is explain to the suits the concept of open source and the long term benefits (for everyone) of contributing modifications back to the community as long as they don't compromise corporate IP. Any good manager shouldn't have a problem allowing you to do that (possibly on your own time). If they turn you down, they are probably too stupid to understand anything larger than a paycheck and there's nothing you can do. But you've done your part, you've made the effort!
So what? His company is benefitting from the use of OS software, so why shouldn't they give back any improvements they make in return, instead of the usual license fee they would otherwise have to pay for that software? Free as in speech, not beer, get it?
>No - only actions which are in breach of the law.
No, that would make sense, but it isn;t the issue here. Consider restaurants which do not give excess food to the poor for fear of liability, for instance. Many similar "good deeds" are banned by copnaies in fear of litigation.
>>And in particular, when in the history of this world, has "malicious code [been] deliberately released" as part of an OSS?
>Well, OpenSSH was trojaned.
By an "intruder", not a contributor, as far as anyone knows.
>But frankly, the frequency of the incidents is pretty much irrelevant.
No, it's highly relevant. This is risk management, and you have to look at real numbers. When the historic number is zero, you can make a good case that the risk is negligible. When insurance companies look at fire risk in relation to smoking, and changed their premiums accordingly, many companies banned smoking, because there was a real risk and cost.
However, this needs to be clearly defined in your original NDA. If you are considering commencing work that might be useful to the open source community, you might want to get your current NDA re-negotiated so that you can get sign-off from your company to release "authorised" components on a per-case basis.
The main thing that companies will be afraid of is liability and losing face if the product/code/etc is found to be faulty. Most of the boiler-plate open source licenses out there cater to this, by stating that the product is not guaranteed to be fit for any purpose, and that by usage the customer/user takes on all liability themselves:
(Example, BSD license)
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
As a developer you also can make this easier by separating components of your software, making them modular. So that one library that does one thing in a useful way (but nothing especially proprietary) can be distributed, but another library that does some funky stuff on their proprietary application/database remains closed.
NOTE: I am not a lawyer! ;-)
Man watching 6 MSCE's around a sun box, looks alot like the opening scene's of 2001:space odyssey...
Well, sometimes I will be working with a OSS software package and I see a way to make a little change to make it better, or fix a bug. Why should any employer/client worry about that?
They probably shouldn't. Most of the open-source packages I use are in the category of "infrastructure"; my clients have no interest in, say, competing with Struts, so there should be no problem releasing improvements to it.
But the client (or employer) is the one who gets to make that decision. You can check the terms of your particular contracts, but by and large software developed on somebody else's nickel belongs to them. It is illegal for you to just up and give it away, and you could put an open source project in serious danger by letting them incorporate code to which they have no rights.
In my experience, this is pretty hard to get in a contract up front, but pretty easy to get once a client is comfortable with me.
Sure I get it, and I approve of it wholeheartedly. It still is up the the company to make that decision, not the employee. That's all I said.
Well, since I read /. on company time, my integrity is perhaps somewhat questionable. However, whenever I'm "working on open source," as you call it, I make sure to keep my fingers near the Windows-M keys. That's all the approval I've needed in the past. Happy programming. :D
https://www.eff.org/https-everywhere
We do.
;-)
I talked it over with my boss. We had some graphing stuff we wanted to do, doing it by hand would have been possible but taken quite some time, so we saved thousands of $ of development time by grabbing an open source library.
I made some changes to let it display certain things in a better way to meet our requirements. Other people had been asking for the same thing, so I posted code and explanation to the forums of those projects.
Not really any different from contributing in a discussion in for instance Microsoft Developer Network. (Except without the eveel!!!
my boss is all for Open Source so we are free to donate patches and fixes back to OSS projects, as long as we dont reveal company IP to the world, so personally ive contributed some stuff to phpMyAdmin and PEAR, and another guy in the office is working with the NTLM authentication support in libcurl
I'm me. I think.
Even for OSS stuff you do on your own time. Basically, you ask your deparment's legal advisor, telling him which project and the scope of your proposed involvement. It is then OK'ed, or not. Approval depends on the project, what you do for Intel, and what you propose to do for the project. Oh... and they read you the rules, but none of the rules are surprising, they are things like: "Don't publish company secrets." and other stuff that should be obvious to the dimmist of wits. Reasonably balanced, and sensible, all things considered.
So people think they can mod GPL programs and still protect there IP. Now once it is merged with GPL it is GPL you are not forced to share it but your not allowed to copy it either unless you agree to GPL. Basicly if you are working on GPL software with your companys permission everything put in there has just been transfered.
From a legal point of view you should only really place code section in GPL programs with permission(or own work and be verry careful that is own work and that you are alowned to produce own work. Ie microsoft programmers cannot due to there contract.). This is were the world turns evil. Now lets say you place code in GPL programs the worsted thing could be breach of contract and thieft. The question is if GPL is classed as dammaged if a GPL program contains IP that is should not. GPL was carefully writen so that GPL would not infect other companys IP with out permission now the thing is that the rest of the code is still GPL even with other IP in it so just delete the IP parts that should not be there and it is fixed. The thing is the programmer or the company who stole the IP and commited a crime are the one responable for the damage. Linux developer in the current case would have to live without partical sections. Nothing that could not be fixed. Now we don't place banks in jail just because they are storing drug money. Ie the Bank does not know it is drug money so they are not responable for the crime. This will most likely be the ruling in the case of SCO vs IBM.
Now it would be a totally diffent matter if SCO or someone told linux developers that this line of code was stolen and they would then have to remove it while it was checked out. Basicly the developers are asking for what will do more damage in the short term if SCO loses but this shows linux teams will to protect IP when a theif is found. Even then I bet there will be a lot of record checking to try to track down who added it so they can be black balled.
Basicly don't work on gpl code and transfer any company code in as then you are stealing.
The question is how many times programmers move from company to company and take source code with them. In linux case there open you can see the theif. There are many reasons for opensource Even if the source is unable to be complied and using it being a jail offence. IP is better protected by Opensource than closed as it is simpler to show when the code was developed.
Now I am not saying all code sould be GPL microsoft sharedsource provides the same protection.
The question is how many companys would be guilty of source theift if all the source code was opened up.
If you have been modifying code that is licensed under the GPL, then it does NOT, as you say, "technically still belong to the company." That's the way the GPL works.
msobkow wrote: banks and financial companies aren't even going to consider putting their internal processing systems out as GPL software, and don't qualify for internal-use-only exceptions in most cases.
Why wouldn't internally developed (even contractor-developed) bank or financial company internal processing systems qualify for the internal-use-only ("no distribution") exception?
This line of thought has a flaw. Suppose, I have found an incredible algorithm "on my own time" that would save my company a few millions. Should I use it in the company. If the company says, on "company time" no other thing to be done, then I would refrain from using what I found on "my own time" within the company.
Knowledge worker should not be bound by "his time" and "company time". He should be bound by "Deliverables". Current Employee-Employer contracts are anachronisms in the new reality.
Science as a way of life.
And if I hadn't been so tired and in a sarcastic mood anyway, I might have thought about it more.
On one hand, I see the Microsoft business as a good thing. They drive the industry. They give us a goal (how can I make my app better than ...) And, despite what many here on /. would say, they do provide a reasonable, feature rich OS, which is improving (features, stability, user friendliness) with each release. Their Office apps are the industry standard that everyone is trying to copy. Their development environments are among the best. The list goes on...
On the other, I (personally) have problems with some of the thought process they appear to follow. For example: "We have this competitor. Let's destroy them by duplicating their product(s) and bundling it with our operating system" This is perfectly legitimate, I admit. I'm just not comfortable with this line of reasoning. Maybe I read too much into it. Another complaint is that they (in my opinion) charge too much; but, I don't really have a grasp of what there overhead is. It could be that their pricing structure is reasonable for them as a company. I also wish that there would be fewer holes, bugs and other "features" in their code; but, really, other software isn't much better.
Before I get flamed: I work with both Windows and various flavors of unix; and, I happen to prefer unix; but, Linux, BSD, Solaris, AIX, HP-UX, any of them, have there own list of "issues" to contend with. There is no perfect OS.
Because that internal development typically gets deployed to a customer or business partner as part of a financial product offering. The software itself is not for sale, but it is required in order to make the financial product work.
I was lucky, made it to my mid-30's and the second sale of the company I worked for before I became a Dilbert. I found out, first hand, what many others have learned; that Dilbert is a documentary :-)
:-) Using an open source O/S, I probably would have found those bugs twice as fast, and would have been able to actually fix the bug faster than coming up with a work-around. I am amazed that management would not prefer a fix in half the time, or that they should begrudge giving away the bug fix, given the salary it saved them and the benefit they could derive from other programmer's bug fixes.
This world really does make you cynical though. In my career I have had to work around about 4 bugs in Windows. In each case it took many weeks (or months) to find the error, then many weeks to devise a work-around. The first time, I actually tried to report the bug to someone; I'll never do that again
As a programmer, being unable to see or change the source code of the O/S is an obstacle to my doing my job. If only management could be convinced of this.
-- Pot is safer than Beer
Companies - like people - are supposed to behave in a positive fashion, be good neighbours and good citizens. So when you are a driver for your company, you are nontheless expected e.g. to help out when you see an accident on the wayside, or, more genereal, you are expected to contribute to the general well-being of the communities they live in.
The idea that ethics, decency, politeness and friendlyness just somehow magically don't apply when you are at work is one of the great sick misconceptions of our time.
So, if you can fix the bug with a reasonable effort, do and submit it. That's the expected behaviour - and good manners - in your trade.
" You, sir, are a stupid asocial asshole. "
This is funny because everything I write, I give away!
http://libtomcrypt.org
My point was that work work is work work and is not upto you [no matter how left-wing GNU-righteous you are] whether it gets shared or not back in public.
Yes, in a perfect world we would share everything. Of course in a perfect world there wouldn't be money anyways! People would right software for the primary purpose of getting work done [not making an almighty buck].
Tom
Someday, I'll have a real sig.
As you say, I've never had anyone turn down this sort of offer.
All companies tend to mean, when they ask if they own it, is if it can ever be taken away from them if they don't pay.
While they haven't quite broken away from MS, they are starting to learn that they want to buy software, like a book, instead of licensing it and having insane restrictions. Open Source, being restriction-free to users, fits the bill perfectly. It also reduces what they pay to get it created or customized, so it's another win.
I've *never* had a client not like the idea of open source software.
(Well, with the exception of one client who wanted to write a program to sell, and wanted to have exclusive rights to it, but this is different circumstances and they told me what the job was at the interview.)
All companies tend to mean, when they ask if they own it, is if it can ever be taken away from them if they don't pay.
Bingo.
Not only do they own it (in the sense that no one can take it away from them), but they further own it in the sense that no one can deprive them of the means to have it maintained, enhanced or customized.
There are two meanings to "own".
It's mine and you can't have it.
It's mine and you can't take it away from me.
Similarly there are two meanings to "security".
It's mine and you can't break into it.
It's mine and you can't destroy it.
Companies have been destroyed when critical information was lost due to hardware or software failures. I haven't heard of any being more than mildly inconvenienced or embarrased by outsiders cracking their systems. Proprietary file system formats can leave a company with no viable exit strategies.
Why should any employer/client worry about that?
IMNSHO, I've got the following choices:
1) You make do with the package the way it is.
2) You fix the local copy so (for the moment) mine works better.
3) You go to the extra trouble, time, and effort to upload the bug patch.
Choice #3 has the same kind of payout as buying platinum dishpans from Russian serfs.
Release a virus into your company computer system. Everyone will be too busy with it to notice your coding OSS.
RMS r00lz
Try explaining to a client how you just charged them to add some functionality to something that will be used by others for free.
Good point, but methinks IBM has figured out some of the answer. The $1b IBM dumps into Linux affects IBM only indirectly, yet IBM claims to have more than made the money back. There is no IBM Linux.
Best bet may be to ask them how long they expect to stay in business. Short-term gains that kill the company are not a good idea (except for fly-by-night companies;)
Depending on what license the orginal code is under, you may already be obliged to make the source available to comsumers of the product. Make sure you understand your rights and obligations no matter which license is chosen by the F/OSS you use.
In any case, if you are working for a consultancy, who wishes to give back, ensure the customers know that you retain the rights to re-use or redistribute the code. If you are a lone gunman, be sure that your contracts specify that you may do the same.
As for the actual mechanics of giving back, you should find protocols asnd procdures at the project's home page.